Ofcom data stolen in MOVEit cyber attack | Computer Weekly

Rate this post

UK communications regulator Ofcom has revealed it is without doubt one of the organizations compromised by Russian-language cybercriminal group Clop after exploiting an SQL injection vulnerability in Progress Software program’s managed file switch service MOVEit Switch.

Earlier at this time, Ofcom confirmed {that a} “restricted quantity” of details about the businesses it regulates (usually confidential), in addition to the private data of 412 of its personal staff, was downloaded through the attack.

“The safety of commercially delicate and delicate private data supplied to Ofcom is taken extraordinarily critically,” an Ofcom spokesman stated.

“We’ve taken fast measures to stop additional use of the MOVEit service and implement the beneficial safety measures. We additionally rapidly notified all affected Ofcom-regulated firms and proceed to supply assist and help to our colleagues.

“No Ofcom programs had been breached through the attack,” they added.

NordVPN CTO Marius Briedis commented: “Stealing private and company data from beneath the nostril of the UK media regulator will likely be one other feather in the cap for the cybercriminals behind the MOVEit breach.

“The sheer scale of the attack and high-profile victims such because the BBC, British Airways and now Ofcom recommend that it was rigorously deliberate…

“The theft of private and firm data from beneath the nostril of the UK media regulator will likely be one other feather in the cap for the cybercriminals behind the MOVEit hack”

Marius Briedis, NordVPN

Briedis added: “This vital data breach will increase the profile of attackers in the aggressive ransomware-for-hire market that exists on the darkish net. It additionally reveals the continued danger of UK provide chain assaults, with opportunistic hackers wanting to make use of third-party providers to land the massive fish additional afield.”

Because the clock ticks down on Klopp’s deadline for victims to contact him to keep away from having their data leaked on-line, particulars of recent victims proceed to emerge.

Eire’s Well being Govt (HSE), which was beforehand the sufferer of a serious ransomware attack carried out by cybercrime syndicate Conti, is amongst these to have disclosed the breach following the attack.

Like many different victims, the HSE was compromised in a so-called provide chain attack by the programs of an exterior service supplier utilizing MOVEit Switch, in this case skilled providers agency EY.

Progress Software program’s issues proceed

Forward of the weekend, Progress Software program, the corporate behind MOVEit, disclosed one other vulnerability in the product found with the assistance of third-party researchers that might have an analogous impression.
A patch for this vulnerability was launched on June 9. MOVEit Switch customers can be taught extra in regards to the vulnerability right here.

Leave a Comment

Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

Please consider supporting us by disabling your ad blocker on our website